🔹 Tenant User
Changelog​
| Version | Author | Update Date | Comment |
|---|---|---|---|
| 1.0.0 | ITsung.Shen | 2023-11-30 | First Version |
| 1.0.3 | ITsung.Shen | 2024-07-10 | Update description of Chapter 3.1~3.4 |
| 2.0.0 | ITsung.Shen | 2025-06-26 | Add Chapter 3.5 / 3.6Update Chapter 3 with Direct Access scopesUpdate 3.1 Home page with direct access |
1. Introduction​
Tenant user is used to define who can enter the tenant space and use various functions in the tenant. For each added Tenant user, role can be set to limit the user's access to each function.Tenant admin can use the function User Management -> Tenant Users to add or edit Tenant User and User's Role.
2. Add / Edit tenant user​
-
Click
Addbutton of Tenant users page
-
Fill up the basic information of this user
-
If the user is already existed in EdgeHub platform, the portal will automatically fill up the basic information.
-
Set the tenant role of this user. EdgeHub provide five default roles
- Admin
- Editor
- Engineer
- Operator
- Viewer
We will discuss about the relationship between role and EdgeHub function in next section.
-
Click
Nextto set Group permission
-
Set this user's group role in each group. In this example, we add this user into all group and give the user a group role as Admin for each group.
-
Click
submitto add this user
-
Create user successfully.
-
In Tenant user list, you can click
editbutton to edit a user
-
In
Edit tenant userpage, you can change role of this user
-
Same as step 6, you can change group role of this user. In this example, we change some group's role as Editor for this user.
-
Click
Submitto modify this user.
3. Tenant Role & EdgeHub Functionalities​
For the five default roles provided by EdgeHub, each role will have corresponding Permission Scopes configuration, which include:
| Category | Scope Display Name | Description |
|---|---|---|
| Common functions | Alarm and Event | Alarm related operation |
| Device management | Device management | Device management operation |
| Object management | Group, Object, and Parameter | Group/object/parameter related operation |
| Object management | Profile Management | Operation of Profile Management |
| Object management | Plugin | Data plugin operation |
| Object management | Machine Status | Operation of Machine Status (iFactory Pivot environment only) |
| Object management | Rule Management | Operation of Rule Management (iFactory Pivot environment only) |
| Object management | Others (Data Hub) | (System usage) |
| Object management | Others (Rule Engine) | (System usage) |
| User managemnt | User List | User related operation in User management |
| User managemnt | Client List | (System usage) |
| User managemnt | Role List | Role related operation in User management |
| Command Center | Command Center Settings | Command Center operation |
| Command Center | Dashboard & Menu List | Dashboard & Menu operation in Command center |
| Advanced settings | License | License setting in Advance Settings |
| Advanced settings | General | General setting in Advance Settings |
| WISE-IoTSuite/Dashboard | Value and Alarm | Operate value & alarm in Dashboard (Not yet available) |
| WISE-IoTSuite/Dashboard | Operation Log | Operation Log in Dashboard (Not yet available) |
| Direct Access - EPN | Server Management | EPN Server related operation |
| Direct Access - EPN | Device Configuration | EPN Device related operation |
| Direct Access - EPN | Terminal Configuration | EPN Terminal related operation |
| Direct Access - EPN | (Utility) EpnClient operation | EpnClient related operation on EdgeHub utility |
| Direct Access - EPN | (Cloud) EpnClient management | EpnClient related operation on Direct Access portal |
The value of the scope affect the usability of the corresponding EdgeHub functions.
- The value of the scope include:
- Manage (CRUD)
- View (View only)
- None (No permission)
In this section, we talk about the relationship between tenant role and EdgeHub functionalities
3.1 Home Page & header functions​
Tenant role of a user affect that whether this user can access into the function on Home page or not. Affected functions includes:
- [Home Page] Data Management
- The user, whose tenant role has one of the following scope permissions (Manage or View), can access this funciton.
- Group, Object, and Parameter
- Alarm and Event
- Profile Management
- Plugin
- Machine Status
- Rule Management
- The user, whose tenant role has one of the following scope permissions (Manage or View), can access this funciton.
- [Home Page] User Management
- The user, whose tenant role has one of the following scope permissions (Manage or View), can access this funciton.
- User List
- Client List
- Role List
- The user, whose tenant role has one of the following scope permissions (Manage or View), can access this funciton.
- [Home Page] Command Center
- The user, whose tenant role has one of the following scope permissions (Manage or View), can access this funciton.
- Command Center Settings
- Dashboard & Menu List
- The user, whose tenant role has one of the following scope permissions (Manage or View), can access this funciton.
- [Home Page] Device Management
- In current version, this function is affected by Group user role. Please refer to the article of
Group User
- In current version, this function is affected by Group user role. Please refer to the article of
- [Header Function] Advanced settings
- The user, whose tenant role has one of the following scope permissions (Manage or View), can access this funciton.
- License
- General
- The user, whose tenant role has one of the following scope permissions (Manage or View), can access this funciton.
- [Header Function] Tenant management
- The user who has the tenant role of Admin can access this funciton.
- [Home Page] Direct Access
- The user, whose tenant role has one of the following scope permissions (Manage or View), can access this funciton.
- Server Management
- Device Configuration
- Terminal Configuration
- (Cloud) EpnClient management
- The user, whose tenant role has one of the following scope permissions (Manage or View), can access this funciton.
3.2 Data Management​
Some functions's accessability are affected by tenant role, includes:
| Function | Related scope | Admin | Engineer | Editor | Operator | Viewer |
|---|---|---|---|---|---|---|
| Profile management | Profile management | Manage | Manage | Manage | None | View |
| Alarm setting | Alarm and Event | Manage | Manage | Manage | None | View |
| External blob | Group, object, and parameter | Manage | Manage | Manage | None | View |
| Plugin | Plugin | Manage | Manage | Manage | None | View |
3.3 User Management​
Some functions's accessability are affected by tenant role, includes:
| Function | Related scope | Admin | Engineer | Editor | Operator | Viewer |
|---|---|---|---|---|---|---|
| Tenant Users | User List | Manage | None | View | None | View |
| Roles | Role List | Manage | None | View | None | View |
Note: The Roles function currently only supports displaying the Role list. Other functions (add, edit, delete roles) are not yet supported.
3.4 Command Center​
Some functions's accessability are affected by tenant role, includes:
| Function | Related scope | Admin | Engineer | Editor | Operator | Viewer |
|---|---|---|---|---|---|---|
| Command center | Command Center Settings | Manage | Manage | Manage | None | View |
| Dashboard (Access in) | Dashboard & Menu List | Manage | Manage | Manage | None | View |
| Menu list | Dashboard & Menu List | Manage | Manage | Manage | None | View |
Note: For Dashboard functionality, the tenant role only be used to determine whether this user can access into this function or not. The inner function of dashboard operation is affected by Group role of this user.
3.5 Direct Access​
Some functions's accessability are affected by tenant role, includes:
| Function | Related scope | Required scope permission |
|---|---|---|
| Server list | Server Management | Manage, View |
| Add / Edit server | Server Management | Manage |
| Delete server (while delete tenant) | - | Root tenant Admin or parent tenant Admin |
| Device list | Device Configuration | Manage, View |
| Device sync | Device Configuration | Manage |
| Edit device | Device Configuration | Manage |
| Enable / disable device or Bandwidth saver | Device Configuration | Manage |
| Create / Delete device (from DPM) | Device Configuration | Manage |
| Terminal list | Terminal Configuration | Manage, View |
| Add / Edit / Delete terminal | Terminal Configuration | Manage |
| EpnClient list | (Cloud) EpnClient management | Manage, View |
| Register / Edit / Delete EpnClient | (Cloud) EpnClient management | Manage |
| Enable / disable EpnClient or Bandwidth saver | (Cloud) EpnClient management | Manage |
The following table shows how each scope mentioned above is configured under the default roles
| Scope | Admin | Engineer | Editor | Operator | Viewer |
|---|---|---|---|---|---|
| Server Management | Manage | Manage | Manage | View | View |
| Device Configuration | Manage | Manage | Manage | View | View |
| Terminal Configuration | Manage | Manage | Manage | View | View |
| (Cloud) EpnClient management | Manage | Manage | Manage | View | View |
3.6 EdgeHub utility​
Some functions's accessability are affected by tenant role, includes:
| Function | Related scope | Required scope permission |
|---|---|---|
| Device list | Device Configuration | Manage, View |
| Connect / Disconnect device | Device Configuration | Manage |
| Terminal list | Terminal Configuration | Manage, View |
| Add / Edit / Delete terminal | Terminal Configuration | Manage |
| EpnClient Connect / Disconnect (on main window) | (Utility) EpnClient operation | Manage, View |
| Register EpnClient (on main window / tray menu) | (Utility) EpnClient operation | Manage |
| Edit EpnClient (on main window) | (Utility) EpnClient operation | Manage |
| Enable / Disable BandwidthSaver (on main window) | (Utility) EpnClient operation | Manage |
The following table shows how each scope mentioned above is configured under the default roles
| Scope | Admin | Engineer | Editor | Operator | Viewer |
|---|---|---|---|---|---|
| Device Configuration | Manage | Manage | Manage | View | View |
| Terminal Configuration | Manage | Manage | Manage | View | View |
| (Utility) EpnClient operation | Manage | Manage | Manage | View | View |
